Q&A: Views on Privacy and Identity Theft

Jonathan Moneymaker is VP of Operations at Anonymizer. He is a certified Project Management Professional and also holds a BS in Systems Engineering from the University of Southern California.

In this interview he tackles headaches related to privacy and identity theft.

As more people get online, problems related to privacy multiply. What should an everyday user pay attention to in order to safeguard his/hers online activities from potential attackers?
More and more of our everyday activities are being carried out online – work, email, chat, banking, shopping, research or just browsing. Employers and individuals should understand that every Web site they visit is logging information about them and their organization, such as IP Addresses, domain names, software versions and such. In many cases this information is captured in order to enhance the user’s experience by remembering passwords, displaying relative content or sorting out possible compatibility issues. However, with ultra openness also come vulnerabilities. Depending on the type of activity users are engaging in, here are a couple of suggestions from the basic to the slightly more technical.

  • For most of us, the linchpin of our online presence is our personal email address. Managing it can serve as a powerful tool of prevention. I recommend creating intermediary email aliases that all forward back to their main email address. If, for example, a Web site has sold the intermediary address, you have the ability to simply remove that alias, leaving the main one uncompromised from spam, phishing scams or other attacks.
  • Always be aware of providing personal information online. Look for indications that the site uses SSL to encrypt and protect your information. Also, try and limit the use of cookies. These may seem convenient at the time, but not so much if your information gets into the open.
  • The majority of people now operate with a work and a home computer. The best practice is really to keep them separate; using one computer for both business and personal issues may potentially expose both a person’s private information and their company’s information.
  • For the slightly more tech savvy users: Virtual technologies allow a single computer to behave as two discreet ones. In this scenario, individuals can use the virtual computer to browse the Web and their “real” computer to access secure sites. The more separate, the better.

Even in this constantly changing high-tech world, Ben Franklin’s advice still applies: “An ounce of Prevention is worth a pound a Cure.”

In your opinion, how common is identity theft? Who should be worried?
A subject near and dear to my heart. I was a victim many years ago, and let me tell you that even the slightest incident can have serious ripple effects. Everyone is truly at risk and in many cases the repercussions of traditional “sifting through your garbage ID theft” can now be felt with far less effort by the would-be theft. If users are careful and take appropriate steps like some of the items I listed above, they can weed themselves out of the pool of easy targets; a bit of “The “Club’ for your car” effect.

Let’s discuss the enterprise for a bit. When should an organization deploy a global strategy related to privacy compliance?
Just like other security policies and compliance programs, privacy compliance should be part of enterprise risk mitigation strategy, and it deserves senior management-level discussion on a regular basis. I have seen both internal privacy policies involving holding of information about customers or employees, and external privacy policies around how an enterprise protects itself out on the open Internet either from a research standpoint involving a new product release, or even just some insurance against negative PR caused by online activity under the corporate identity. In either case, policies and the technologies that support them need to be in place ahead of the curve. Acting reactionary can serve to be a most costly mistake.

What do you see your clients most worried about?
Interestingly enough, we serve three distinct business sectors: consumers, enterprises and the government. Each certainly has their own concerns relative to what they are trying to accomplish, but they all stem from the basic concept of not leaving a digital footprint online. Our business is a balancing act of addressing known threats and working toward staying ahead of the unknown.